From b32f8e39de1e1339f23273720db8416c47e5762b Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sun, 5 Nov 2023 00:10:10 +0100 Subject: [PATCH] feat(checker): add traceroute checker Signed-off-by: Fabrice Fontaine --- cve_bin_tool/checkers/__init__.py | 1 + cve_bin_tool/checkers/traceroute.py | 22 ++++++++++++++++ ...traceroute-2.1.3-1.fc40.aarch64.rpm.tar.gz | Bin 0 -> 4976 bytes .../traceroute_2.1.0-2_amd64.deb.tar.gz | Bin 0 -> 5639 bytes test/test_data/traceroute.py | 24 ++++++++++++++++++ 5 files changed, 47 insertions(+) create mode 100644 cve_bin_tool/checkers/traceroute.py create mode 100644 test/condensed-downloads/traceroute-2.1.3-1.fc40.aarch64.rpm.tar.gz create mode 100644 test/condensed-downloads/traceroute_2.1.0-2_amd64.deb.tar.gz create mode 100644 test/test_data/traceroute.py diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py index 93cc32fce4..c0993c82a7 100644 --- a/cve_bin_tool/checkers/__init__.py +++ b/cve_bin_tool/checkers/__init__.py @@ -316,6 +316,7 @@ "tinyproxy", "tor", "tpm2_tss", + "traceroute", "transmission", "trousers", "twonky_server", diff --git a/cve_bin_tool/checkers/traceroute.py b/cve_bin_tool/checkers/traceroute.py new file mode 100644 index 0000000000..94f2bcd82b --- /dev/null +++ b/cve_bin_tool/checkers/traceroute.py @@ -0,0 +1,22 @@ +# Copyright (C) 2023 Orange +# SPDX-License-Identifier: GPL-3.0-or-later + + +""" +CVE checker for traceroute + +https://www.cvedetails.com/product/163596/BUC-Traceroute.html?vendor_id=33432 + +""" +from __future__ import annotations + +from cve_bin_tool.checkers import Checker + + +class TracerouteChecker(Checker): + CONTAINS_PATTERNS: list[str] = [] + FILENAME_PATTERNS: list[str] = [] + VERSION_PATTERNS = [ + r"Modern traceroute for Linux, version ([0-9]+\.[0-9]+\.[0-9]+)" + ] + VENDOR_PRODUCT = [("buc", "traceroute")] diff --git a/test/condensed-downloads/traceroute-2.1.3-1.fc40.aarch64.rpm.tar.gz b/test/condensed-downloads/traceroute-2.1.3-1.fc40.aarch64.rpm.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..5b5c61d03dec5929809a99ae502ac8201a328bb7 GIT binary patch literal 4976 zcmbW)Wmgk`0)Sz|45p%=c#<$eg^~Hp|p>eMWp3eWBM^nUWg_!{xzj_$#y17Br{T(k)01 z-kt^NYdX|H4)RM?fP+iPmSOI&x4?1IIHKbK>EKt7<)ZJQ>F9xnS7?jeUIVhh;nIp>k)?}tDh zxC@1U^KmD1xxj4uD`dMY_*K49cVMv*@k_9%j+1c;^Rb<~YIcWV9=MINMB?PxmC}38 zWs&CTx?h1+ij1#zj!G_>1zN*Z*G1K^cEfTzFDK46`h6a7-pNYy?v-{Lba?(9@JD|r z_FUwrc-1=QtV^^HYh=!_nIQ+IzFe>Hq^O>kbDNW0O_CiX4VG0Oh`jwJf~3j|+oj=VX2# zI%f~2AtEZ5;a~Y!?B-CuZ4~n*IL`>u*4dcNTi`24bp9nk4od?=!58v1ypHG=jKtVY1__fJ0tONQor6jWNbQD`DFR; zs9{lxcl@}4Gx)kwgXDC`I zK)Wp$Wrp&-WeBC5T{6if^TH8lx4$r&Kht-X#lKl6!XmfRs(Yvb@oRFI^XmZ#dWSR@ zgz#>#OKIh5pl9PV1I@vLIH`gqneSE${K~#l#@_||BXMgBF78OW61*RUSml05&!fAz z>MldTi2;tO5&RThmzfp8iG*QgeZf)0$?yphB;E6^{y5DlrDJV7mnKfvCWiDw3a(nf z@dWP)K6&sXsE%qF_gS#{XlrxJj7B1djm>5m{&e*pWA}dpH|R^b;xCK(*LTH%T`D#@ zC^`JppArMVM9k-{q7R_H09ylEElWUs#%+!5j`-`bHJX1dr$LXT@I>^R#6(Ws8GQIg)E)N8Xxk6x2Uj;mbcRtxVmWytm3NGy)JIS7x&x~Jb(tg zWu|v5N5ohu)+O1W8JRTF)?}romVKm=6Ux~bw(IB-+9!h29)!+EsSkW4JIbb?JA{$V zS53Qax0c+<3U<|p&$_%Vq8t8MB^0OBp;q%Xi75f)v-XN$5iU#s7fPWG1HBnV!=>*o z8J#5#R2>%A9B+l)dTuV~;-n6(^p&8ut{O|>mo&hx4*eOg#of#T9*3Fb7#2=EQEAm< zX?4+qaCpgs*zp!XQdXb4?*{ax;o9vaa{L~H#(=EW^SK`y50x=q0G4Bi;IMxw(`o(5 zVi9{aQheqOY7$l+Q9|yHSBk}9N=z$%{ouVVz%_r1ZyevA<~F8_XZ0kWUdL%b84+3M zLjN4kr^$%$w1cy+SSR0#L($uqtCJ??wPIgpi6{76lvb)cqd4ZOKnEVWpPQrLKF_orUoIoNt z2@%R{js5q4rnY)pqo%gt_^S3DbX`w+i06UTSU}c~#WL?W*4LbG)j+B{il|WA_I&D< zN>RAH(44JC=*9*3cH~9wHe_V}EhX4A?x2U`9IrXNj;`K|VWj#naPlZ4^zGDLZ`1LjhOFXSsnNEK}i(9=zC ztTP*sm79DUJ+|%FUDEvpRV7?rz9~;v-kASXdGG>Is(_0|3nIV8kXHqz;@rtj9T<$D zXV?1A0Q*#KBK+KO7d$$w@p-XEx$}TQUyMSd zCQ+;$&NMqs!}u!IlVx&y?EA{0Y`BQ1%R-jm_4Jy>$bzm>nA{{F;| z^=pxX^t(17#UkV9P70b^Wd0GU_rVA+H8-2BpdOZ^lln^FA54XDAnr-g6YG8cWp$}5 zmsz)hJ*w6Cex=YcADH|M#d<4fky*djYh%D_yoC|j6cN|9L}@*U4jJFuqIx<|M`6Ra z+nRAMqLH!hTy@kutr5)gg~{3%kdp1)T@4N)9`o3av_@mCDE}Ti&Oapkz6P|aY!8l( zp)qqZ8Ln>{2YI%qrd69tymu?Y!V#AIww=MC08{s$Il0p1ErQr8$mf%-+r5Qc{~|wY zPuWO051Zy6Ji{nLAMviq_Q0gIn-z0eX+&UvCEtwRf=dl+O*3C9-1!6w)f-6#KA$+j zDu)Y>SS5cRG~LH_iszAhIHFqq4sNk5O?@ti*5`ve{|E~;1na%GSZ?JQHkv525%+-e zsRUY7<>xiJf7|eng$w04JY6fdT{Ot9jt@OjBi(GZ&%aw}uX{J8&hXgU-$IfoG~l{U zk>WMT%YJ_Pi9FUS)WtAPSsrLSM#!Irq!OSbT3c%Nc8mpIkX}JKxNt2(tvY8RkxCJ8rO)g^G_`d?5Sw56HW*IJ z#mZz8EtP)OaJ^hlX+-mjzr)lviK`>I%9rL_;F-?5Z1P8tG!QS0NE#iuI#yZ z4TvJB+v8QBmd3b>dTlU9v^oMmDY~@5uW_?drcVzpu!n*pGC)N(3*i-=_qu z#KtX2fDk&|%J;Kl*#%x>4NkVA5pwx+^B;S9+ytVs)6L>$6Stbb@`3AXi9e<2jWiH6 z6sR?Pfm0ovpKW<(Db?tIO*XS&fE8N8vtF!E7oj?c-2VFXhr$kusR~H&)Fs9#o9e`J z%+gr2K`5UIz^`&2L4!ovl;tLw{{F};K48-Lj0N`ZBkuD|+Baz4cYAwI1{aE%zrN)j zCGFwQXt!J_;S@AD27asv7-t8r|4DzF+qwVg-#0Js#}m& z`t@;)shB(}{T0ART~3%nX@WX;5tcFn$VO{f*VK-l8mN>zYy?Mn{kEs?1i|c{{C;CF z_hznI)Sjmyo%CwqLd-FJ&t3r|`2rQZ|@&e{Zr~qc39F{pL>7P(O%_ zDQX!bhg(6|(~X?TO0?`|@G9(ULyS6e>(KIo`)P^AU5z&q{r*@^kxiVq~HnEs2PG|?~MKJi$%T^ zW*P116gCV*q1Nr5xaLLmZs5JnckhK`kv`}`hx{>)z=cF|Mc{Ppd+3^05M`#I*OTAo zD;8=$NkSmpe|lDt9d#?td&W~*aNruL3fYO3p@SnB91;-{&{CTVldM04Iy})M`@Z;J z92b=!_d3$Lt;l!4>oG1m4+ht9y<1wJuB1(1%+E@!;lIKoX zY=}v)#g2k`hYhILRCq^HF=yqH8i#+5LpY{NL~H9?tZ28s!_NJ@l5FyXm3KNl=W`@; zsltJZ(i(}vO2?iJbBZ}eT3I*(kCu)zs$$(dEyt((xAfICD1e0zy;g(NWQpaclJy_CWN$M^AM(s}+I!@@d^-D^7Y9 zo8*;_O59fx#p_`3emhcN2gQ=pCFZvAmkduvk!QP*$8b2igD6Fo-oz(?DWW2Qky8s=iX@vhI;`?xhCeuVb#M9b!+yWDJ-a1|8g!X_FA=c+1xK3O?LS{9> zed-de2q#mFgH$EhC05Y$Ca^T0!wtNXejWd>~fR{ z3(yz!;)>PB5G*EULnYR>ftQo{1LH<`yQ2i9*X^NyX~W%%LMat-4ruCrvPZH|!o@iw z70+JYzmM6WOMsBuv3G>hW=XU%Vx>7@LoT;(e`JBa-d|@&|acDolT)QjY9_8Z8C~WE4Y0qpXQ%;0%K2&X4OL(0TU7XYk;k7 zc8|sGQ+I!AwK?y0t&?G^A&V=v1Pwx)&ht*Z-20DZTaXk&y@K#wM@E=zsYWD=5G%^-s-$C z>6{SUbdRVPyb;9K+`b5VoL}_7etVIB9I$D84>^KZhrQp&K9jz5;^_MFAeKATHEOkK z%bnVFal3eedT?&fDE(*7DUDQ}f!??d)U9Mbm~+W^i{J5>n0Tu@qOp&?iX?;`e8L>n ziA&tLSYB_-k=X&3VXFa&6rTC;F-?ArYoNNvi@PN?RCH51Kut1rR0U9n)k|T?p^x+%etF+IID>PH&9=)h6X)mpn{A zpZqk$KS4ee#Czv{mx+qJLDVS^&unW4Ni!+j>9BSEES_kP_dKVOLs%9{y!EC1#oXKn4W9prz*8*y?bbKpv`n*){%Ga>N!Eht+@wMlPfXAU=6#LppP#Alqqx;60r*_cPc}JYY?e!3 rrUp&U@EF)O%z9j(JF?-D?4R)xmh7LPh(Uetz-xj9R;6+7;9Gg3yDO+1N8FJ3-#kCu_~v9 zMIC3ZjwooN&s}H7iXttHup4M9m%&v6&}=-x>wVnfqG9b^TYHNBchuhA)YOo@ko~lJ zAn*J@({Mf2TlBG^k+BeQfUtY4^S)dNemQqVC_>;Jm-s%dOM!M%4?p&T&U<<~e|4J1 z51ug7<(r(~nlhU-DTlfsAb-ac61oh2R|W?hMTVRie=&yx0Xbp)-)*26sMIgJ-fji= zVz)5ij0UQ=h5lc+0V7s4;_mia3UallEZ6UnDv~K#eSnFs3Y-2hmQ^pazW{)Qn!cjs zePs8KC9H8+JjoIX06bSUzOt&S*1`8lzjp5X3Z}uGHd}!C5D+p#K=Xb%hBYOF@Jb-X z@kC_ZJp6c&g|dZrr5y7lfa*JKxeWV+yL2UuheS{x(xi+q&?ub}1FgyPUDp>oR zdNKpjDokGB6`dM+$cbuBL=Pd+1<6f=2e59Buk48)Bn=#Cc?D!dj1Ac#+tf3AYB_Uc z#DM|z3r_5qgEHe~crI)S&Kz!n#C#oe(^;G&m;?q|{Uqd}$Vn)nZ*G^2>WcIgUD0@^ zqdD0Gh3sX9GxFp4$hf{$L>n%d*`E1sI2L?aSq@#T7`2oJJr9~GG>RgbwIIy#r6$sF zb`?cctshJWfRy|5kMzhmr#jWCq!WWWWpVaV;Q7-Yaat$6&rq?O2iT*rv;SKMWNpCz z=J4S3z@}-dbRw4EJa2|IXs&22pTN`!T=}Scvvf~Su5mX4)9T!V>vn#H*@1dzy+DaU z!J8$r{bipob6j&Tb1rjHQ;tgXM0LDyzzgge7iV)en5>(@rQMPzLM9#Jr$>it z-q`p){5c+VyQc)sTi!<k#w(j=~ z&aSvL67wp+Qvj9 ze?(8k?v)-*pZV@w>{Ufi?8fl)#PH8h&;Hu0-)Pby_*Vu?*&SX}(c5MbD%c>>MArv7 zOeO%On~S+&c%HIP>2PK3M_buW9rx?a3m!y@Tqv$D$d_=SCl$QNAvMy3_wNSE94{*2 z-`?GH8$@Gjrs44vmr_xP9xA|-1dccIm+RO%P+TC7`^e_qICr#EJJ*rweE~W?Q9F{3 zzm_&vK}%1iEEQVKLEC|@xF&bFocNeN5-rkwOv>|CaDc20r(k5i5Nx=vzf@!IL9b7g zqy#Op5=!8$IvTpKQ+aN6X5&8h09lbgS)zhKBpcWFhd7{3zufsh%wN}$qfiS~$B&@c z){vISVhd0^;=BkVk9#ff9ETOSxUF+`2f^^)G}FHaOJDoFU+BQ(>W+-APS45iJ6Q9f zR`Yg%?e`xAQfvC^_O3poe9*8&96^f}NMJ+N!Bj{+-J6l~ro{TT8Jr6;c zC|A8XH)5Dr6-on_YO6%BG7iUr*y_Fllq);UW2DOHNYDon|>TO ze0OGL5LG)&2nZifZEyibEz7GSVjRpCI;I{ z5YZfQoRMJR^1fPVIRpA@%qbEt&=@A`vShkG5|I1vyho8GilI(f^~q463X{gt4r|^i z3J{UVy}@vbBaxoum~Z;~nafdp1Kxb}rS`DuL5t4wL6=bhf z(x&D}-rZwfAx}8Hhq=p1LUVIXzZI#A^CiT0PRnZ46R`pr=C0Z`D(~oJUYK4lk}gjA z>ezZxF4wsEmN5@fI3QtN@O*Mt{NY&lD5&ntIJT@v&P6urM?%2vqrAi=+@W-A38LZ| ze1)DACFWLjC=bd; zLJZouLQnKqR;FX__Yn!iQSMga3721EkG$h->E6%EZ$pYo&eb|l-Hohf8GgSuBfAu~ zy%*GiT_M;D_pQdp-3`kmQ!Q3z=&3~QVz0EA2Ybka5^}=$5F?faJyF6}>VU*%j|M6D z_Pf>+KU*p~n1HdN)AFOv>rW(&!v8w>F+(5iZx`{Xf-UMN?r~VIw5vPxt9p0Gf8(L_ zRsuNNVo23zS8s5tR2AGQ4b(<$S5sfXDwl?HXz*(+R3A6vX)0({0O3LhZ z2$dDxhFqJ_F^x&iO`Shsu0HDk&xBeFk=^cvJvo|eANv{RZU=bs_*R7+VY+h^*FQjQNzx9a54-cwx(c_Tg${{O zN%E7CgkS`{?yKx8Rm!KQNrs;)Y9>npw;URR3GZPnM60CuiVZ5y5#{Y_OWIRn`)pr{ z9RI5ej~-QCvW)Q45%(P_DE!4a*6DsUyfEewp=&Kn2Ki<7CI2%f<@wFh`OO*3f4SVU z%Pj6ej(2+Tz;D-nOWgZ`Ev_q>^6byG;iV-*w|~5)mcz~Y57)r;%B&hnQWs8_`AY^) ztfsQ|&)E^~XV(eet=6=6$|~)YMcc*8ajU+bUR|k_rVkL%vFTvteEpqVoBp2?q@i-* zRLoyY{in-$T2o71#ZuTJok+=8&a4e5dQaH)M+%=sm9P*gXv`u?T#T)3yu_aqKZBWA z60N}^!CN~MK!Ad-q%Wemq_c*E91 zNDy=}Z9gq42oMHW z&q6O0!>4(k$a6-lL_3dkSfk~^zCk+38j9zG-r;ARQ3Sz~Ec6s0St@-SY{PwGA!M9x zz^sQ}4QbQz$Umu+B!1PMtlNSIIc|Ixs(Jnl+{>m|1?{X z_1x%ay`Cum<9Hub=JXZ041@J3)dVXfr)F}pi2^#C3$mn^S3>)3jTKn1OV7f@b}?`? zLdb<#-BKeKLC5rK)@Eu~lk`+FqvTVu3|TIQz3kIOC$Dnj5TN_G1j>jlqVz82*GG;Y z6GXd!ML$}_33}xU_U~}jfbxxGC3yhmZ`9iW-fPs@$u)>9dj>K^|V zJ@AoOX}Z+OGj;Df*mn2lO@V*~X~G+Z(Bg@|%vhJpbhZc)>%9=XUDMGIw@jKf$jRtU zMMeAe9~wbOppu18fvOMYg2KH0){)bWoLxvlqsHw=n(HcP(V>=D4b^*g*GAkb69uo+#n<^&NIm56tabNa&t<}12hDDFcA%jhEOlxv zn^Ff4x23^Bek-n0#c}6Ffp4E;>J|x~#-!*Uy2Ov^g?OGqr;k_ANkSd(`TdWb_U7$e z2Nwy}4B<57Dei+^H`8zB{@$JW-Dd;Lk-wu>krA*Yd86$K<73o0Jasw;WBz2WN8CW;ngyf5VVu@Y}az~-a<`?%(z+}R$g61}?TpRB{BoouV8(xXU zL8h!-Y>j{~xuV|qt#?&}R}as}6+3;^`U8MjUxg487KD&zW97r?e`LS?@2ywsVGw7> zs_Ptvh|k!hh4`_2osoQ&@RbeX0FibdQjU%}m+#E%A?Y9H2Z2<2C-HxH`a>3mDBouG zO$O+_OfMx4X8<*z}RqR~CaDvgdW{c^?7z%P^tzBJ`hr;9Uf$Fzc%43satu=+O)r(zqPr9gZi%W=E`ab)5LF{$Td~)7=Ty| z45VQ`w`0v|FtqEL84pq-fb5WYf&lFW+)-E`fSWUtr3w(eOEqwEO@r8Z+7PaNIHsBIPU)b~YFV#ePqs{;28g#L?EO@NwcDySWJ$2 z_a3q5{h_D^O3CKO?5K_eXQxf0HOE}_rWn&y2QXpcOj4kinyPn7bfRir?y~`>8~cB4 z?jLCL(WGVX@JmB-h$;)E7l*MEvetxgk&po>A)*ibY)nyhbo|&P%6c;-+B|=+A$WV) z+)uR-J+I0%%-XwxDVGd{pQ+lkd4{AU8h8ZIssOh$<8HypD!Po~`xdhK$9 zvT@ZvIK2&ac75bw-DI_1n3%lx5P6;Ev%zONz2<+WuWgB=9YzfvZm=vOGPWtA)KFMY z7LhBD9nRqm57--!w5mitt)lpg`kmH?0trMz^>w3Cj_&=ztiAL>WK^Ki52@}x>C3i-1LK4aUN!W)s%F9+GR>zt{= z(&PpNN)9xWXRBjon2Rb`<|;GpCuiV`s#hf85Q}OtY|Ni#ag1Nc@e8aM}@zI3ZE zA(hQ<$*>-<{7q5lf=!$j=CXvql_ypfi`r(4Z?19 zbh!7t&?;wswutX7oI`fF^E;N^&%-fg?A#xDPHv}_*#E<^wR3b2n4O*>U?Ek8qICeN z^@Xi|sPk&^J1itEi7s+caENM8HMV@(m^V8kBqQr%v2_mU_GWa1u2v>hGk#|z|BH8- zxIsYC;>1*_@9Vu|JU3u28JA*66#1{L9Z7$Na>mnh;XuPo_?WZ$!pY`82=Ob6MONSg zoRweDukO->ku+h!9BZ4oaq{6F?ldNx`6$0k=^#51dq-jlG!6fa$N#pB6QR{Kv5{}% z+e;$9_pOjKXzw=|2MPbcXu9UIW{h{1LJw6r%uB4`l#!=&cYDRt&!zmQ%N`#6cu^*& zS4qs0T&I0qObU6tlXZs8hF;vAQE=7$Jkoz`=tH{zxFN*Hv44Aw!wjYzp@g{~ zq(L9=EtLz=~}pcnq4b2{Z`K$b=wdsh@WQu6$k7neHUZ@>D08PvI1!MTS&; ziekqX*jE1E?Xaho{1MnxSBVTH%hoj|8sqytD`gHC{L@}{-xW!q-_p3|W;%unPKfV3 ze|3c1xBSW}nSD0#W19Wbz`g;tt!V5e%N%%Y_Ru4|sfAnd+7em0m~Y-;giJI`*aFo| zGIZ+5cFD~U_Jk=iFi9s{Q)SX$-{^MPTP`i4l$-eQt!COBg|{BbUZOeg|ELCFG#C(@ z84Kmz&Ep7DA4h*n>bgsEtZAlT)K_rX_sgoTWd@YIr!gW}6xhP;57Z>3#-Q{W08&A5ls>Yy6wqEZfXX zk9fEu(Y#{L(*@8;ltL9S9){-()z@7-()MjS6D!H*}6+W8`9)-Md;gR zeMH`g&FxIYF&JoCPfbRhy?&6zfe|G(z({jF^FFD0{U@6-RmH`snJay2730||nJ^gkv! BNM-;4 literal 0 HcmV?d00001 diff --git a/test/test_data/traceroute.py b/test/test_data/traceroute.py new file mode 100644 index 0000000000..f3b2a9c4c6 --- /dev/null +++ b/test/test_data/traceroute.py @@ -0,0 +1,24 @@ +# Copyright (C) 2023 Orange +# SPDX-License-Identifier: GPL-3.0-or-later + +mapping_test_data = [ + { + "product": "traceroute", + "version": "2.1.0", + "version_strings": ["Modern traceroute for Linux, version 2.1.0"], + } +] +package_test_data = [ + { + "url": "http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/aarch64/os/Packages/t/", + "package_name": "traceroute-2.1.3-1.fc40.aarch64.rpm", + "product": "traceroute", + "version": "2.1.3", + }, + { + "url": "http://ftp.fr.debian.org/debian/pool/main/t/traceroute/", + "package_name": "traceroute_2.1.0-2_amd64.deb", + "product": "traceroute", + "version": "2.1.0", + }, +]